You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@activemq.apache.org by "Jackson, Douglas" <do...@siemens.com> on 2021/05/04 16:54:39 UTC
Usage of xstream in activemq
Hi!
We are wondering the extent of the danger from the usage of xstream in ActiveMQ prior to 5.16.
Is it related only to the ActiveMQ web console?
Does ActiveMQ use blacklists or whitelists?
Is there a way to avoid the security issues posed by the usage of xstream while using the versions of ActiveMQ in which xstream is used?
-Doug
RE: Usage of xstream in activemq
Posted by "Jackson, Douglas" <do...@siemens.com>.
Hi!
Sorry. I did not see it posted so I thought I needed to register.
I registered and sent it again.
-Doug
-----Original Message-----
From: Justin Bertram <jb...@apache.org>
Sent: Tuesday, May 4, 2021 2:05 PM
To: users@activemq.apache.org
Subject: Re: Usage of xstream in activemq
You sent this message to the list previously, and I responded to your questions on that thread. Please refrain from sending the same message to the list multiple times. Thanks!
Justin
On Tue, May 4, 2021 at 1:57 PM Jackson, Douglas < douglas.s.jackson@siemens.com> wrote:
> Hi!
> We are wondering the extent of the danger from the usage of xstream in
> ActiveMQ prior to 5.16.
>
> Is it related only to the ActiveMQ web console?
> Does ActiveMQ use blacklists or whitelists?
>
> Is there a way to avoid the security issues posed by the usage of
> xstream while using the versions of ActiveMQ in which xstream is used?
> -Doug
>
Re: Usage of xstream in activemq
Posted by Justin Bertram <jb...@apache.org>.
You sent this message to the list previously, and I responded to your
questions on that thread. Please refrain from sending the same message to
the list multiple times. Thanks!
Justin
On Tue, May 4, 2021 at 1:57 PM Jackson, Douglas <
douglas.s.jackson@siemens.com> wrote:
> Hi!
> We are wondering the extent of the danger from the usage of xstream in
> ActiveMQ prior to 5.16.
>
> Is it related only to the ActiveMQ web console?
> Does ActiveMQ use blacklists or whitelists?
>
> Is there a way to avoid the security issues posed by the usage of xstream
> while using the versions of ActiveMQ in which xstream is used?
> -Doug
>